[packages/qt5-qtbase] up to 5.15.17

atler atler at pld-linux.org
Fri May 23 23:09:21 CEST 2025


commit 66f7034ab8314fac7b0dbbe173dc43fc9562c77e
Author: Jan Palus <atler at pld-linux.org>
Date:   Fri May 23 23:08:46 2025 +0200

    up to 5.15.17

 CVE-2023-51714.patch | 97 ----------------------------------------------------
 qt5-qtbase.spec      | 12 +++----
 2 files changed, 5 insertions(+), 104 deletions(-)
---
diff --git a/qt5-qtbase.spec b/qt5-qtbase.spec
index cd12029..9f72643 100644
--- a/qt5-qtbase.spec
+++ b/qt5-qtbase.spec
@@ -70,20 +70,19 @@
 Summary:	Qt5 - base components
 Summary(pl.UTF-8):	Biblioteka Qt5 - podstawowe komponenty
 Name:		qt5-%{orgname}
-Version:	5.15.16
-Release:	3
+Version:	5.15.17
+Release:	1
 License:	LGPL v3 or GPL v2 or GPL v3 or commercial
 Group:		X11/Libraries
 Source0:	https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/%{orgname}-everywhere-opensource-src-%{version}.tar.xz
-# Source0-md5:	5eb20e6fec405125777496a2e1e53038
+# Source0-md5:	20f841fb541ed2f1fe66ed9a938305eb
 Source1:	https://download.qt.io/official_releases/qt/5.15/%{version}/submodules/qttranslations-everywhere-opensource-src-%{version}.tar.xz
-# Source1-md5:	2f9320ff53b3cb51482cd45eec25a470
+# Source1-md5:	e20cfdef4f3088ca568f7e43ab5bba8c
 Patch0:		%{name}-system_cacerts.patch
 Patch1:		parallel-install.patch
 Patch2:		egl-x11.patch
 Patch3:		CVE-2024-39936-qtbase-5.15.patch
-Patch4:		CVE-2023-51714.patch
-Patch5:		no-stdc-pollution.patch
+Patch4:		no-stdc-pollution.patch
 URL:		https://www.qt.io/
 %{?with_directfb:BuildRequires:	DirectFB-devel}
 BuildRequires:	EGL-devel
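Review bot: The removal of `Patch4: CVE-2023-51714.patch` is not explained anywhere: the commit message says only "up to 5.15.17", while `Patch3: CVE-2024-39936-qtbase-5.15.patch` is kept. Please state in the commit message that the HPack overflow fix is part of the 5.15.17 source and that the CVE-2024-39936 patch is still needed, so that someone auditing the package later can tell the drop was deliberate and not a failed rebase.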
@@ -1183,7 +1182,6 @@ Generator plików makefile dla aplikacji Qt5.
 %patch -P 2 -p1
 %patch -P 3 -p1
 %patch -P 4 -p1
-%patch -P 5 -p1
 
 %{__sed} -i -e 's,usr/X11R6/,usr/,g' mkspecs/linux-g++-64/qmake.conf
 
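Review bot: With `%patch -P 5 -p1` removed, the unchanged `%patch -P 4 -p1` line now applies no-stdc-pollution.patch instead of the CVE fix, because the first hunk renumbers Patch5 to Patch4. The result is correct, but the switch is invisible to anyone reading only this hunk. Leaving no-stdc-pollution.patch as Patch5 and deleting the `-P 4` line instead would keep patch numbers stable across releases and make the diff show which patch was actually dropped.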
diff --git a/CVE-2023-51714.patch b/CVE-2023-51714.patch
deleted file mode 100644
index 2e84f84..0000000
--- a/CVE-2023-51714.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From ea63c28efc1d2ecb467b83a34923d12462efa96f Mon Sep 17 00:00:00 2001
-From: Marc Mutz <marc.mutz at qt.io>
-Date: Tue, 12 Dec 2023 20:51:56 +0100
-Subject: [PATCH] HPack: fix a Yoda Condition
-
-Putting the variable on the LHS of a relational operation makes the
-expression easier to read. In this case, we find that the whole
-expression is nonsensical as an overflow protection, because if
-name.size() + value.size() overflows, the result will exactly _not_
-be > max() - 32, because UB will have happened.
-
-To be fixed in a follow-up commit.
-
-As a drive-by, add parentheses around the RHS.
-
-Change-Id: I35ce598884c37c51b74756b3bd2734b9aad63c09
-Reviewed-by: Allan Sandfeld Jensen <allan.jensen at qt.io>
-(cherry picked from commit 658607a34ead214fbacbc2cca44915655c318ea9)
-Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot at qt-project.org>
-(cherry picked from commit 4f7efd41740107f90960116700e3134f5e433867)
-(cherry picked from commit 13c16b756900fe524f6d9534e8a07aa003c05e0c)
-(cherry picked from commit 1d4788a39668fb2dc5912a8d9c4272dc40e99f92)
-(cherry picked from commit 87de75b5cc946d196decaa6aef4792a6cac0b6db)
----
-
-diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
-index 834214f..ab166a6 100644
---- a/src/network/access/http2/hpacktable.cpp
-+++ b/src/network/access/http2/hpacktable.cpp
-@@ -63,7 +63,7 @@
-     // 32 octets of overhead."
- 
-     const unsigned sum = unsigned(name.size() + value.size());
--    if (std::numeric_limits<unsigned>::max() - 32 < sum)
-+    if (sum > (std::numeric_limits<unsigned>::max() - 32))
-         return HeaderSize();
-     return HeaderSize(true, quint32(sum + 32));
- }
-From 23c3fc483e8b6e21012a61f0bea884446f727776 Mon Sep 17 00:00:00 2001
-From: Marc Mutz <marc.mutz at qt.io>
-Date: Tue, 12 Dec 2023 22:08:07 +0100
-Subject: [PATCH] HPack: fix incorrect integer overflow check
-
-This code never worked:
-
-For the comparison with max() - 32 to trigger, on 32-bit platforms (or
-Qt 5) signed interger overflow would have had to happen in the
-addition of the two sizes. The compiler can therefore remove the
-overflow check as dead code.
-
-On Qt 6 and 64-bit platforms, the signed integer addition would be
-very unlikely to overflow, but the following truncation to uint32
-would yield the correct result only in a narrow 32-value window just
-below UINT_MAX, if even that.
-
-Fix by using the proper tool, qAddOverflow.
-
-Manual conflict resolutions:
- - qAddOverflow doesn't exist in Qt 5, use private add_overflow
-   predecessor API instead
-
-Change-Id: I7599f2e75ff7f488077b0c60b81022591005661c
-Reviewed-by: Allan Sandfeld Jensen <allan.jensen at qt.io>
-(cherry picked from commit ee5da1f2eaf8932aeca02ffea6e4c618585e29e3)
-Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot at qt-project.org>
-(cherry picked from commit debeb8878da2dc706ead04b6072ecbe7e5313860)
-Reviewed-by: Thiago Macieira <thiago.macieira at intel.com>
-Reviewed-by: Marc Mutz <marc.mutz at qt.io>
-(cherry picked from commit 811b9eef6d08d929af8708adbf2a5effb0eb62d7)
-(cherry picked from commit f931facd077ce945f1e42eaa3bead208822d3e00)
-(cherry picked from commit 9ef4ca5ecfed771dab890856130e93ef5ceabef5)
-Reviewed-by: Mårten Nordheim <marten.nordheim at qt.io>
----
-
-diff --git a/src/network/access/http2/hpacktable.cpp b/src/network/access/http2/hpacktable.cpp
-index ab166a6..de91fc0 100644
---- a/src/network/access/http2/hpacktable.cpp
-+++ b/src/network/access/http2/hpacktable.cpp
-@@ -40,6 +40,7 @@
- #include "hpacktable_p.h"
- 
- #include <QtCore/qdebug.h>
-+#include <QtCore/private/qnumeric_p.h>
- 
- #include <algorithm>
- #include <cstddef>
-@@ -62,7 +63,9 @@
-     // for counting the number of references to the name and value would have
-     // 32 octets of overhead."
- 
--    const unsigned sum = unsigned(name.size() + value.size());
-+    size_t sum;
-+    if (add_overflow(size_t(name.size()), size_t(value.size()), &sum))
-+        return HeaderSize();
-     if (sum > (std::numeric_limits<unsigned>::max() - 32))
-         return HeaderSize();
-     return HeaderSize(true, quint32(sum + 32));
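Review bot: Once this file is deleted, nothing in the package checks that the fix is present in the source being built. The second commit in the removed patch replaces `const unsigned sum = unsigned(name.size() + value.size());` with an `add_overflow(size_t(name.size()), size_t(value.size()), &sum)` check in src/network/access/http2/hpacktable.cpp. Confirm that the 5.15.17 tarball contains that check before dropping the file, and consider a grep for `add_overflow` on that file in %prep so a later source change cannot silently bring back the unchecked addition.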
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/qt5-qtbase.git/commitdiff/66f7034ab8314fac7b0dbbe173dc43fc9562c77e


